A fix is available for IBM SONAS, for GPFS security vulnerabilities
IBM General Parallel File System (GPFS) is a high-performance clustered file system. It is used in IBM SONAS.
CVEID: CVE-2016-2985
DESCRIPTION: A security vulnerability has been identified in IBM Spectrum Scale and IBM GPFS that could allow a local attacker to execute commands as root by setting environment
variables processed by setuid programs.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114001> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/PR:N/UI:N/S:U/CI:H/I:H/A:H)
CVEID: CVE-2016-2984
DESCRIPTION: A security vulnerability has been identified in IBM Spectrum Scale and IBM GPFS that could allow a local attacker to execute commands as root by supplying command line
parameters to setuid programs.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114000> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/PR:N/UI:N/S:U/CI:H/I:H/A:H)
IBM SONAS
The product is affected when running code releases 1.5.0.0 to 1.5.2.4
A fix for these issues is in version 1.5.2.5 of IBM SONAS. Customers running an affected version of SONAS should upgrade to 1.5.2.5 or a later version, so that the fix gets applied.
Please contact IBM support for assistance in upgrading your system.
Workaround(s): None
Mitigation(s): Ensure that all users who have access to the system are authenticated by another security system such as a firewall.
CPE | Name | Operator | Version |
---|---|---|---|
network attached storage (nas)->scale out network attached storage | eq | 1.5.2.4 |